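/*
** Copyright (C) 2005-2007 by Carnegie Mellon University.
**
** @OPENSOURCE_HEADER_START@
**
** Use of the SILK system and related source code is subject to the terms
** of the following licenses:
**
** GNU Public License (GPL) Rights pursuant to Version 2, June 1991
** Government Purpose License Rights (GPLR) pursuant to DFARS 252.225-7013
**
** NO WARRANTY
**
** ANY INFORMATION, MATERIALS, SERVICES, INTELLECTUAL PROPERTY OR OTHER
** PROPERTY OR RIGHTS GRANTED OR PROVIDED BY CARNEGIE MELLON UNIVERSITY
** PURSUANT TO THIS LICENSE (HEREINAFTER THE "DELIVERABLES") ARE ON AN
** "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY
** KIND, EITHER EXPRESS OR IMPLIED AS TO ANY MATTER INCLUDING, BUT NOT
** LIMITED TO, WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE,
** MERCHANTABILITY, INFORMATIONAL CONTENT, NONINFRINGEMENT, OR ERROR-FREE
** OPERATION. CARNEGIE MELLON UNIVERSITY SHALL NOT BE LIABLE FOR INDIRECT,
** SPECIAL OR CONSEQUENTIAL DAMAGES, SUCH AS LOSS OF PROFITS OR INABILITY
** TO USE SAID INTELLECTUAL PROPERTY, UNDER THIS LICENSE, REGARDLESS OF
** WHETHER SUCH PARTY WAS AWARE OF THE POSSIBILITY OF SUCH DAMAGES.
** LICENSEE AGREES THAT IT WILL NOT MAKE ANY WARRANTY ON BEHALF OF
** CARNEGIE MELLON UNIVERSITY, EXPRESS OR IMPLIED, TO ANY PERSON
** CONCERNING THE APPLICATION OF OR THE RESULTS TO BE OBTAINED WITH THE
** DELIVERABLES UNDER THIS LICENSE.
**
** Licensee hereby agrees to defend, indemnify, and hold harmless Carnegie
** Mellon University, its trustees, officers, employees, and agents from
** all claims or demands made against them (and any related losses,
** expenses, or attorney's fees) arising out of, or relating to Licensee's
** and/or its sub licensees' negligent use or willful misuse of or
** negligent conduct or willful misconduct regarding the Software,
** facilities, or other rights or assistance granted by Carnegie Mellon
** University under this License, including, but not limited to, any
** claims of product liability, personal injury, death, damage to
** property, or violation of any laws or regulations.
**
** Carnegie Mellon University Software Engineering Institute authored
** documents are sponsored by the U.S. Department of Defense under
** Contract F19628-00-C-0003. Carnegie Mellon University retains
** copyrights in all material produced under this contract. The U.S.
** Government retains a non-exclusive, royalty-free license to publish or
** reproduce these documents, or allow others to do so, for U.S.
** Government purposes only pursuant to the copyright license under the
** contract clause at 252.227.7013.
**
** @OPENSOURCE_HEADER_END@
*/

/*
**  Support file for probeconf.c
**
*/

#include "silk.h"

RCSIDENT("$SiLK: probeconf-generic.c 6816 2007-04-05 18:31:56Z mwd $");

#include "probeconf_priv.h"


/*
 *  Flowtype IDs this file writes into packed records.  They are
 *  checked against the site configuration in probeConfSiteSetup(),
 *  so each value here must agree with the config file's definition
 *  of the flowtype named in the trailing comment.
 */
#define RW_IN       0   /* "in"      */
#define RW_OUT      1   /* "out"     */
#define RW_IN_WEB   2   /* "inweb"   */
#define RW_OUT_WEB  3   /* "outweb"  */
#define RW_IN_NULL  4   /* "innull"  */
#define RW_OUT_NULL 5   /* "outnull" */


/*
 *  status = probeConfSiteSetup();
 *
 *    Check each compiled-in flowtype ID against the flowtype of the
 *    same name in class "all" by calling sksiteFlowtypeAssert().
 *    Always returns 0.
 *
 *    NOTE(review): what sksiteFlowtypeAssert() does on a mismatch is
 *    not visible in this file; presumably it reports the error and
 *    stops the application -- confirm against its definition.
 */
int probeConfSiteSetup(void)
{
    const char *all = "all";

    /* Make sure flowtype definitions match config file */
    sksiteFlowtypeAssert(RW_IN,       all, "in");
    sksiteFlowtypeAssert(RW_OUT,      all, "out");
    sksiteFlowtypeAssert(RW_IN_WEB,   all, "inweb");
    sksiteFlowtypeAssert(RW_OUT_WEB,  all, "outweb");
    sksiteFlowtypeAssert(RW_IN_NULL,  all, "innull");
    sksiteFlowtypeAssert(RW_OUT_NULL, all, "outnull");

    return 0;
}


/*
 *  probeConfSiteTeardown();
 *
 *    Counterpart of probeConfSiteSetup().  This site keeps no state,
 *    so there is nothing to release.
 */
void probeConfSiteTeardown(void)
{
    return;
}


/*
 *  status = skProbeVerifyClass(probe);
 *
 *    Verify probe by its class.
 *
 *    Return 0 when 'probe' names the interfaces or IP blocks that
 *    skProbeDetermineFlowtype() needs to tell incoming from outgoing
 *    traffic.  Otherwise print an error and return -1.  Probe types
 *    other than NetFlow and IPFIX are rejected.
 */
int skProbeVerifyClass(probe_def_t *probe)
{
    const char *type_name;

    /* There is a single class, so no per-class verification is
     * necessary.  Make certain the required ipblocks or snmp
     * interfaces were specified depending on the type of probe. */
    switch (probe->probe_type) {
      case PROBE_ENUM_NETFLOW:
        /* make certain at least one external-facing interface or IP
         * block has been specified */
        if ((skBitmapGetHighCount(probe->if_map[IFMAP_EXTERNAL]) == 0)
            && (probe->if_ipblock[IFMAP_EXTERNAL] == NULL))
        {
            skAppPrintErr(("Cannot verify probe %s:\n"
                           "\tThe %s-interface or %s-ipblock must be given"),
                          probe->probe_uniq_name,
                          ifmap_group_id_name[IFMAP_EXTERNAL],
                          ifmap_group_id_name[IFMAP_EXTERNAL]);
            return -1;
        }
        break;

      case PROBE_ENUM_IPFIX:
        /* for IPFIX only an IP block is accepted as the external
         * boundary; the interface map is not consulted here */
        if (probe->if_ipblock[IFMAP_EXTERNAL] == NULL) {
            skAppPrintErr(("Cannot verify probe %s:\n"
                           "\tThe %s-ipblock must be given"),
                          probe->probe_uniq_name,
                          ifmap_group_id_name[IFMAP_EXTERNAL]);
            return -1;
        }
        break;

      default:
        type_name = skProbetypeEnumtoName(probe->probe_type);
        assert(type_name);
        /* assert() disappears under NDEBUG; passing NULL to "%s" is
         * undefined behavior, so substitute a printable name when the
         * probe type has none. */
        if (type_name == NULL) {
            type_name = "unknown";
        }
        skAppPrintErr(("Cannot verify probe %s:\n"
                       "\t'%s' probes are not supported at this site."),
                      probe->probe_uniq_name, type_name);
        return -1;
    }

    return 0;
}


/*
 *  count = skProbeDetermineFlowtype(probe, &rwrec, ftypes[], sensorids[]);
 *
 *    Fill the 'ftypes' and 'sensorids' arrays with the list of
 *    flow_types and sensors to which the 'rwrec' record, collected
 *    from the 'probe' sensor, should be packed.  Return the number of
 *    elements added to each array or -1 on error.
 *
 *    This implementation writes exactly one element, at index 0 of
 *    each array, and always returns 1; the caller must supply arrays
 *    with room for at least one entry.
 *
 *    Classification: a record that matches the probe's external
 *    interfaces/ipblock in the FROM direction is incoming; every
 *    other record is treated as outgoing.  An external boundary that
 *    is configured incompletely therefore causes traffic from the
 *    outside to be stored under the outgoing flowtypes.
 *
 *    NOTE(review): any result other than 1 from
 *    skProbeTestFlowInterfaces() is handled as "no match"; confirm
 *    whether that function can report an error that should not be
 *    folded into the "from the inside" case.
 */
int skProbeDetermineFlowtype(
    const probe_def_t  *probe,
    const rwRec        *rwrec,
    uint8_t            *ftypes,
    sensorID_t         *sensorids)
{
    int from_external;
    int to_null;

    assert(probe);
    assert(rwrec);
    assert(ftypes);
    assert(sensorids);

    if (probe->probe_type == PROBE_ENUM_SILK) {
        /* For a record from a SiLK Flow file, return whatever
         * flowtype and sensor is on the record itself. */
        ftypes[0] = rwrec->flow_type;
        sensorids[0] = rwrec->sID;
        return 1;
    }

    /* sensor_id is always the sensor where the flow was collected */
    sensorids[0] = probe->sensor_id;

    /* Did the flow come from the outside?  If not, it is assumed to
     * have come from the inside. */
    from_external = (skProbeTestFlowInterfaces(probe, rwrec, IFMAP_EXTERNAL,
                                               REC_DIR_FROM) == 1);

    /* Did the flow go to the null destination? */
    to_null = (skProbeTestFlowInterfaces(probe, rwrec, IFMAP_NULL,
                                         REC_DIR_TO) == 1);

    if (to_null) {
        ftypes[0] = from_external ? RW_IN_NULL : RW_OUT_NULL;
    } else if (IS_WEB(rwrec)) {
        /* Not null-routed: assume the flow crossed to the other side */
        ftypes[0] = from_external ? RW_IN_WEB : RW_OUT_WEB;
    } else {
        ftypes[0] = from_external ? RW_IN : RW_OUT;
    }

    return 1;
}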